> "Question all the way at the end:"
>
> I wrote an IP down from *.tw for hammering a "test" server I have.
>
> I wrote it under another IP I had. The IP I had was the actual box... (LMAO)
>
> I added.
>
> /sbin/ipchains -A input -j DENY -p all -l -s 65.170.xx.xxx/0 -d 0.0.0.0/0
>
> I accidentally noticed later that the actual IP is / was "one of few" that I
> had of the box. I know it's stupid, I laughed a little and then called
> myself stupid for not recalling the ip#s.
>

I have locked myself out from time to time as well (mostly due to
typos in the script), but in my case all I had to do was attach a
keyboard + monitor to the box and fix the problem.

> I was too lazy to create a "cron" job script to where I reboot the box it
> would flush the rules and then do a manual ipchains.rules recover command.
>
> I can't access the box from outside and I am 1/2 way around the States to go
> and check it out.
>
> Q.
> Does ipchains flush out of memory once rebooted? I can have someone from
> collocation data center reboot the pc for me.

Yes, but if the rule is in one of the startup scripts then you might
need them to remove the rule manually.

I don't know about other distros, but by default Red Hat sets the
3-finger-salute to safely reboot the computer (as long as it is done
from the console and not X).

>
> One other thing I don't understand is Ip x.x.x.20 might be blocked but why
> isn't ip x.x.x.x.21 working?
> I tried logging in via 2nd IP I have on the box and get access but no can
> do. Nothing is working.
>

Your rule will deny all packets (any source, any destination). '-s
65.170.xx.xxx/0' should probably be something along the lines of '-s
65.170.xx.xxx/16'.

A hint for future reference: have a rule like

/sbin/ipchains -A input -p tcp --dport 22 -l -j ACCEPT

as your very first rule; this way you can always get in with ssh.

Another idea that I use is, if the box only has a few IPs each with its
own rule set, then make a user-defined chain for each IP and have the
main input chain send incoming packets to the appropriate chain.
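
The `/0` mask problem pointed out above, as an added example that is not part of the original message: a Python pre-flight check that works out which sources a DENY rule's `-s` argument really matches and lists any administrative addresses it would cut off. All addresses are constructed (documentation ranges), and `ADMIN_SOURCES`, `source_match` and `lockout_hits` are hypothetical names.

```python
import ipaddress
import shlex

# Constructed sample values (documentation ranges), not addresses from the post.
ADMIN_SOURCES = ["198.51.100.20", "198.51.100.21"]  # hosts you log in from

def source_match(rule):
    """Return (network, negated) for the rule's -s/--source argument."""
    args = shlex.split(rule)
    for flag in ("-s", "--source"):
        if flag in args:
            i = args.index(flag) + 1
            negated = args[i] == "!"
            spec = args[i + 1] if negated else args[i]
            # strict=False drops host bits as the mask does: x.x.x.x/0 -> 0.0.0.0/0
            return ipaddress.ip_network(spec, strict=False), negated
    return ipaddress.ip_network("0.0.0.0/0"), False  # no -s means any source

def is_blocking(rule):
    """True when the rule's target drops the packet."""
    args = shlex.split(rule)
    return "-j" in args and args[args.index("-j") + 1] in ("DENY", "REJECT")

def lockout_hits(rule, protected=ADMIN_SOURCES):
    """List the protected source addresses a DENY/REJECT rule would match."""
    if not is_blocking(rule):
        return []
    net, negated = source_match(rule)
    return [a for a in protected if (ipaddress.ip_address(a) in net) != negated]

if __name__ == "__main__":
    rules = [
        "/sbin/ipchains -A input -j DENY -p all -l -s 203.0.113.45/0 -d 0.0.0.0/0",
        "/sbin/ipchains -A input -j DENY -p all -l -s 203.0.113.45/32 -d 0.0.0.0/0",
    ]
    for r in rules:
        hits = lockout_hits(r)
        net, _ = source_match(r)
        verdict = "REFUSE, would block " + ", ".join(hits) if hits else "ok"
        print(f"{net}: {verdict}")
```

The check looks at the source match only; it ignores protocol, ports, the destination and any earlier ACCEPT rule in the chain.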